McAfee Artemis “always on” protection


Most of the security solutions we protect our machines with today work by regularly downloading new signature files that protect us from malicious attacks. One problem with this, however, is that the number of attacks is growing at such a rate that updating and storing those signature files is going to amass a huge amount of data on your hard drive.

McAfee may have a solution to that, however, along with a better way of securing against attacks, through its Artemis project. Instead of regular updates downloaded to each machine, Artemis reverses the process, allowing a single machine to produce a signature file when attacked and then upload it to a central, online repository.

It also works the other way round. If a machine detects malicious activity and doesn’t have a solution it can ask the larger, online database for a solution and download just that signature. That way individual machines aren’t encumbered with signatures they don’t need, but have instant access to a database of signatures much larger than you would typically find on a single hard drive.

Here’s the process explanation as taken from the McAfee website:

A user receives a file that the scan agent deems suspicious (for example, an encrypted or packed file) and for which there is no signature in the local .DAT database.

Using McAfee Artemis Technology, the agent sends a fingerprint of the file for instant lookup to the comprehensive database at McAfee Avert® Labs.

In less than a second, if the fingerprint is identified as known malware, an appropriate response is sent to the user to block or quarantine the file.
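The three steps above, sketched as an added Python example (not McAfee's code); it goes slightly beyond them by keeping a matched signature locally and by holding a file when the central database cannot be reached. Assumptions: SHA-256 stands in for the fingerprint, `CentralDB` is an in-memory stand-in for the online database, and the `Agent` class, the verdict names and the sample byte strings are constructed for illustration.

```python
import hashlib

def fingerprint(data: bytes) -> str:
    # Assumption: SHA-256 as the fingerprint; the page does not say how
    # Artemis derives one.
    return hashlib.sha256(data).hexdigest()

class LookupUnavailable(Exception):
    """The central database could not be reached."""

class CentralDB:
    """In-memory stand-in for the online repository (constructed data)."""
    def __init__(self, known_bad):
        self.known_bad = {fingerprint(s) for s in known_bad}
        self.online = True

    def lookup(self, fp: str) -> bool:
        if not self.online:
            raise LookupUnavailable(fp)
        return fp in self.known_bad

class Agent:
    def __init__(self, central, local_samples=()):
        self.central = central
        self.local_dat = {fingerprint(s) for s in local_samples}
        self.held = {}  # fingerprint -> file bytes awaiting a verdict

    def scan(self, data: bytes, suspicious: bool) -> str:
        fp = fingerprint(data)
        if fp in self.local_dat:
            return "quarantine"              # local signature hit, no network
        if not suspicious:
            return "allow"
        try:
            known = self.central.lookup(fp)  # only the fingerprint is sent
        except LookupUnavailable:
            self.held[fp] = data             # assumption: fail closed and hold
            return "hold"
        self.held.pop(fp, None)
        if known:
            self.local_dat.add(fp)           # keep just this one signature
            return "quarantine"
        return "allow"                       # assumption: unknown means allow

    def retry_held(self) -> dict:
        # Re-query held files once the service is reachable again.
        return {fp: self.scan(d, True) for fp, d in list(self.held.items())}
```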

Matthew’s Opinion
It makes sense to allow individual machines to do some work when a threat is detected and then upload the result for others to use. This may involve using more of a machine’s resources for a short period of time, but overall that resource usage should be cut and lead to better overall protection.

I don’t notice the signature updates received regularly from my Kaspersky installation, but they only happen every so often. What McAfee are suggesting they will be able to do is instant updates and only when required. As long as the quarantine process allows a suspicious file to be held while this happens, and doesn’t limit user activity, it should work well.

What it does do is put extra pressure on McAfee to keep their online database working 24/7, as with a reduced signature set on individual machines, if it goes offline, you could suddenly see a spike in infections. If it really takes off, you may even see hackers targeting the central database, trying to take it offline as they deliver a virus load to unsuspecting users.